Security News

Apple App Store Riddled With Money-Sucking Fleeceware Apps
2020-04-10 16:06

Researchers are warning iPhone users of fleeceware apps after finding more than 30 examples of them on Apple's App Store. Many of these fleeceware apps come in the form of image editors, horoscope apps, QR code or barcode scanners, and face filter apps targeted at younger generations.

Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission
2020-04-07 17:58

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Apple fixed the issues with Safari 13.1, crediting Pickren for three bug reports in the patch release notes.

Apple Safari Flaws Enable One-Click Webcam Access
2020-04-06 18:43

To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.

Will Apple’s “microphone switch” stop your iPad getting bugged?
2020-04-06 15:23

There's been a bit of a buzz in the news lately over an "Epic new feature" in the next Apple iPad model - the one that's supposed to come out this year. A real-life, break-in-the-wire(ish) microphone switch so that you can be sure that your iPad really isn't recording you while you're in your car or sitting around at home.

How to keep your Apple devices updated automatically
2020-04-06 13:26

One way to ensure this is to update your Apple systems automatically and to have the App Store automatically update your apps as well. I'll explain how to keep iOS and macOS devices and apps up-to-date without lifting a finger when new updates are available.

Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities
2020-04-03 13:59

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.

Apple's latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause?
2020-04-01 10:30

Apple's latest update to macOS Catalina appears to have broken SSH for some users. The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works - for some users at least.

Apple’s iOS 13.4 hit by VPN bypass vulnerability
2020-03-30 13:43

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

Apple Safari now blocks all third-party cookies by default
2020-03-26 14:10

"The long wait is over," Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users. We've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.